Samba 4.0.0 <= 4.0.17 Improper Input Validation Vulnerability (CVE-2014-0239)

Potential DOS in Samba internal DNS server. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Ubuntu: Security Advisory (USN-2257-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Samba vulnerabilities (USN-2257-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2257-1 advisory. Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker...

USN-2257-1: Samba vulnerabilities

Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker could use this issue to possibly obtain sensitive information. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. CVE-2014-0178 It was...

[slackware-security] samba

New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/samba-4.1.9-i486-1slack14.1.txz: Upgraded. This update fixes bugs and security issues, including a flaw in Samba's internal DNS...

Security fix for the ALT Linux 8 package samba version 4.1.8-alt1

June 4, 2014 Alexey Shabalin 4.1.8-alt1 - 4.1.8 - fixed CVE-2014-0239, CVE-2014-0178...

Security fix for the ALT Linux 10 package samba version 4.1.8-alt1

June 4, 2014 Alexey Shabalin 4.1.8-alt1 - 4.1.8 - fixed CVE-2014-0239, CVE-2014-0178...

Security fix for the ALT Linux 8 package samba-DC version 4.1.8-alt1

June 4, 2014 Alexey Shabalin 4.1.8-alt1 - 4.1.8 - fixed CVE-2014-0239, CVE-2014-0178...

CVE-2014-0239

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged response packet that triggers a...

CVE-2014-0239

CVE-2014-0239 concerns the internal DNS server in Samba 4.x prior to 4.0.18. The issue arises because the DNS header QR field is not checked before sending a response, enabling a remote attacker to trigger a forged response that can cause a denial of service via a communication loop, consuming CP...